Don't view images with src="javascript:..."

BUG:19296937

cherry-pick of 0d75bdd4654a2352df68709c04c773d383a58054 from master

Change-Id: Ic3597a22a3b0c1f90cdd737e735904beaf35a58e
diff --git a/src/com/android/browser/Controller.java b/src/com/android/browser/Controller.java
index 3e4ae66..934f70f 100644
--- a/src/com/android/browser/Controller.java
+++ b/src/com/android/browser/Controller.java
@@ -151,6 +151,13 @@
     // "no-crash-recovery" parameter in intent to suppress crash recovery
     final static String NO_CRASH_RECOVERY = "no-crash-recovery";
 
+    // Only view images using these schemes
+    private static final String[] IMAGE_VIEWABLE_SCHEMES = {
+        "http",
+        "https",
+        "file"
+    };
+
     // A bitmap that is re-used in createScreenshot as scratch space
     private static Bitmap sThumbnailBitmap;
 
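Review bot: The allowlist keeps `"file"`, so an image whose src is a `file://` URL on a remote page would still pass the check and be opened in a new tab. Whether that is safe depends on how openTab treats local URLs, which is not visible in this diff. If local images must remain viewable, the comment above the array should say why `"file"` is allowed; otherwise the entry can be dropped. Inline `data:` images are now refused as well, which the same comment could mention so the omission reads as deliberate.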
@@ -1409,7 +1416,12 @@
                         .setOnMenuItemClickListener(new OnMenuItemClickListener() {
                     @Override
                     public boolean onMenuItemClick(MenuItem item) {
-                        openTab(extra, mTabControl.getCurrentTab(), true, true);
+                        if (isImageViewableUri(Uri.parse(extra))) {
+                            openTab(extra, mTabControl.getCurrentTab(), true, true);
+                        } else {
+                            Log.e(LOGTAG, "Refusing to view image with invalid URI, \"" +
+                                    extra + "\"");
+                        }
                         return false;
                     }
                 });
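Review bot: The rejection branch writes the whole page-supplied `extra` string to the log, so the page controls the length and content of that log line. Logging only the scheme is enough to diagnose the refusal, e.g. `Log.e(LOGTAG, "Refusing to view image with scheme " + Uri.parse(extra).getScheme());`. The user gets no feedback when the menu item silently does nothing. The check guards only this one menu item, and the enclosing method starts and ends outside the hunk, so any other handlers that consume `extra` may need the same check.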
@@ -1429,6 +1441,16 @@
         mUi.onContextMenuCreated(menu);
     }
 
+    private static boolean isImageViewableUri(Uri uri) {
+        String scheme = uri.getScheme();
+        for (String allowed : IMAGE_VIEWABLE_SCHEMES) {
+            if (allowed.equals(scheme)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * As the menu can be open when loading state changes
      * we must manually update the state of the stop/reload menu
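Review bot: The comparison `allowed.equals(scheme)` in isImageViewableUri is case-sensitive, and getScheme() returns the scheme as written, so a valid image URL such as `HTTP://…` is refused. That fails closed, but `if (allowed.equalsIgnoreCase(scheme))` matches how URI schemes are defined and still returns false for a null scheme. The method would also benefit from a short Javadoc, for instance `/** Returns true only if the URI's scheme is in IMAGE_VIEWABLE_SCHEMES; scheme-less URIs are rejected. */`.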